From 3c6b69b51a4ddd76445df8d8b33893df1812006b Mon Sep 17 00:00:00 2001
From: Bruno Pimentel
Date: Mon, 22 Apr 2024 21:45:46 -0300
Subject: [PATCH] Fix RPM missing checksum reporting
This patch fixes the property that is added to the SBOM component indicating that an RPM file had its checksum missing in a processed lockfile to point to the actual lockfile path, instead of the RPM filename.
Signed-off-by: Bruno Pimentel
---
 cachi2/core/package_managers/rpm/main.py | 11 +++++++----
 tests/unit/package_managers/test_rpm.py | 13 ++++++++-----
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/cachi2/core/package_managers/rpm/main.py b/cachi2/core/package_managers/rpm/main.py
index 7a9398e0d..ceae610d3 100644
--- a/cachi2/core/package_managers/rpm/main.py
+++ b/cachi2/core/package_managers/rpm/main.py
@@ -88,7 +88,9 @@ def _resolve_rpm_project(source_dir: RootedPath, output_dir: RootedPath) -> list
     package_dir = output_dir.join_within_root(DEFAULT_PACKAGE_DIR)
     metadata = _download(redhat_rpms_lock, package_dir.path)
     _verify_downloaded(metadata)
-    return _generate_sbom_components(metadata)
+
+    lockfile_relative_path = (source_dir.subpath_from_root / DEFAULT_LOCKFILE_NAME).name
+    return _generate_sbom_components(metadata, lockfile_relative_path)
 
 
 def _download(lockfile: RedhatRpmsLock, output_dir: Path) -> dict[Path, Any]:
@@ -167,7 +169,9 @@ def raise_exception(message: str) -> None:
             raise_exception(f"Unmatched checksum of '{file_path}' != '{digest}'")
 
 
-def _generate_sbom_components(files_metadata: dict[Path, Any]) -> list[Component]:
+def _generate_sbom_components(
+    files_metadata: dict[Path, Any], lockfile_path: str
+) -> list[Component]:
     """Fill the component list with the package records."""
     components: list[Component] = []
     for file_path, file_metadata in files_metadata.items():
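Review bot: The `.name` call on the added line `lockfile_relative_path = (source_dir.subpath_from_root / DEFAULT_LOCKFILE_NAME).name` discards `subpath_from_root` and, assuming DEFAULT_LOCKFILE_NAME is a plain filename as the test literal "rpms.lock.yaml" suggests, always yields that bare filename, so neither the variable name nor the commit message ("the actual lockfile path") matches what ends up in the SBOM. A consumer auditing the SBOM for which lockfile lacks a hash needs a repository-relative path when several package directories each carry their own lockfile; if that is the intent, the line should read `lockfile_relative_path = str(source_dir.subpath_from_root / DEFAULT_LOCKFILE_NAME)`, and if the bare filename is intended, the variable should be renamed to say so. The same value is what the `@@ -208` hunk writes into the `cachi2:missing_hash:in_file` property. `_resolve_rpm_project` begins outside the hunk.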
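Review bot: The docstring of `_generate_sbom_components` is not updated for the new `lockfile_path` parameter, which is the value later recorded in the `cachi2:missing_hash:in_file` property. Extend the one-liner, e.g. `"""Fill the component list with the package records. ``lockfile_path`` is stored in the ``cachi2:missing_hash:in_file`` property of every component whose checksum is missing."""`, so callers know what form of path is expected. The function body continues outside the hunk.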
@@ -208,8 +212,7 @@ def _generate_sbom_components(files_metadata: dict[Path, Any]) -> list[Component
         )
 
         if file_metadata["checksum"] is None:
-            missing_hash_in_file = file_path.name
-            properties = [Property(name="cachi2:missing_hash:in_file", value=missing_hash_in_file)]
+            properties = [Property(name="cachi2:missing_hash:in_file", value=lockfile_path)]
         else:
             properties = []
 
diff --git a/tests/unit/package_managers/test_rpm.py b/tests/unit/package_managers/test_rpm.py
index 1a35e4501..cba26b5ae 100644
--- a/tests/unit/package_managers/test_rpm.py
+++ b/tests/unit/package_managers/test_rpm.py
@@ -283,10 +283,13 @@ def test_resolve_rpm_project(
     output_dir.join_within_root.return_value.path = mock_package_dir_path
     mock_download.return_value = {}
-    _resolve_rpm_project(mock.Mock(), output_dir)
+    source_dir = mock.Mock()
+    source_dir.subpath_from_root = Path()
+
+    _resolve_rpm_project(source_dir, output_dir)
 
     mock_download.assert_called_once_with(mock_model_validate.return_value, mock_package_dir_path)
     mock_verify_downloaded.assert_called_once_with({})
-    mock_generate_sbom_components.assert_called_once_with({})
+    mock_generate_sbom_components.assert_called_once_with({}, "rpms.lock.yaml")
 
 
 @mock.patch("cachi2.core.package_managers.rpm.main.run_cmd")
@@ -345,7 +348,7 @@ def test_generate_sbom_components(mock_run_cmd: mock.Mock) -> None:
             "checksum": "sha256:21bb2a09852e75a693d277435c162e1a910835c53c3cee7636dd552d450ed0f1",
         }
     }
-    components = _generate_sbom_components(files_metadata)
+    components = _generate_sbom_components(files_metadata, "rpms.lock.yaml")
     assert components == [
         Component(
             name=name,
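Review bot: Setting `source_dir.subpath_from_root = Path()` in test_resolve_rpm_project makes the new assertion `mock_generate_sbom_components.assert_called_once_with({}, "rpms.lock.yaml")` pass whether `_resolve_rpm_project` keeps or drops the subpath, because with an empty subpath the joined path and its `.name` coincide. Use a non-empty subpath such as `source_dir.subpath_from_root = Path("rpms")` and assert the value the production code is meant to produce, so the test pins whether the SBOM property holds a bare filename or a repository-relative lockfile path. `test_resolve_rpm_project` begins outside the hunk.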
@@ -374,14 +377,14 @@ def test_generate_sbom_components_missing_checksum(mock_run_cmd: mock.Mock) -> N
             "checksum": None,
         }
     }
-    components = _generate_sbom_components(files_metadata)
+    components = _generate_sbom_components(files_metadata, "rpms.lock.yaml")
     assert components == [
         Component(
             name=name,
             version=version,
             purl=f"pkg:rpm/{vendor}/{name}@{version}-{release}?arch={arch}&download_url={quote(url)}",
             properties=[
-                Property(name="cachi2:missing_hash:in_file", value="foo-1.0-2.fc39.x86_64.rpm"),
+                Property(name="cachi2:missing_hash:in_file", value="rpms.lock.yaml"),
             ],
         )
     ]